# DevSecOps
!!! info "Architectural Context"
    Detailed reference for DevSecOps in the context of Hardened Infrastructure.
- [devopszone.info: DevSecOps Explained](https://www.devopszone.info/post/devsecops-explained) [COMMUNITY-TOOL]
- [linkedin: Dear Google, my data has left your building!](https://www.linkedin.com/pulse/dear-google-my-data-has-left-your-building-zakir-khan) [COMMUNITY-TOOL]
- [snyk.io: The State of Open Source Security 2020](https://snyk.io/articles/open-source-security) [COMMUNITY-TOOL]
- [kalilinuxtutorials.com: Deploying & Securing Kubernetes Clusters](https://kalilinuxtutorials.com/deploying-securing-kubernetes-clusters) [COMMUNITY-TOOL]
- [loves.cloud: Creating a fully automated DevSecOps CI/CD Pipeline](https://loves.cloud/creation-of-a-fully-automated-devsecops-cicd-pipeline) [COMMUNITY-TOOL]
- [redhat.com: Balancing Linux security with usability](https://www.redhat.com/en/blog/linux-security-usability) [COMMUNITY-TOOL]
- [thenewstack.io: Culture, Vulnerabilities and Budget: Why Devs and AppSec Disagree](https://thenewstack.io/culture-vulnerabilities-and-budget-why-devs-and-appsec-disagree) [COMMUNITY-TOOL]
- [computing.co.uk: CloudBees gets busy with security, visibility and control as DevOps evolves](https://www.computing.co.uk/news/4020521/cloudbees-busy-security-visibility-control-devops-evolves) [COMMUNITY-TOOL]
- [devops.com: How to Successfully Integrate Security and DevOps](https://devops.com/how-to-successfully-integrate-security-and-devops) [COMMUNITY-TOOL]
- [helpnetsecurity.com: How to make DevSecOps stick with developers](https://www.helpnetsecurity.com/2020/12/14/how-devsecops-developers) [COMMUNITY-TOOL]
- [blog.christophetd.fr: Shifting Cloud Security Left - Scanning Infrastructure as Code for Security Issues](https://blog.christophetd.fr/shifting-cloud-security-left-scanning-infrastructure-as-code-for-security-issues) [COMMUNITY-TOOL]
- [devclass.com: Docker: It's not dead yet, but there's a tendency to walk away, security report finds](https://www.devclass.com/containers/2021/01/13/docker-its-not-dead-yet-but-theres-a-tendency-to-walk-away-security-report-finds/1620265) [COMMUNITY-TOOL]
- [opensource.com: How to adopt DevSecOps successfully](https://opensource.com/article/21/2/devsecops) [COMMUNITY-TOOL]
- [devops.com: DevSecOps Trends to Know For 2021](https://devops.com/devsecops-trends-for-2021) [COMMUNITY-TOOL]
- [devops.com: From Agile to DevOps to DevSecOps: The Next Evolution](https://devops.com/from-agile-to-devops-to-devsecops-the-next-evolution) [COMMUNITY-TOOL]
- [permission.site](https://permission.site) [COMMUNITY-TOOL]
- [ais.com: Leaping into DevSecOps from DevOps](https://www.ais.com/leaping-into-devsecops-from-devops) [COMMUNITY-TOOL]
- [infoq.com: The Defense Department's Journey with DevSecOps](https://www.infoq.com/news/2020/06/defense-department-devsecops) [COMMUNITY-TOOL]
- [amazon.com: Building end-to-end AWS DevSecOps CI/CD pipeline with open source SCA, SAST and DAST tools](https://aws.amazon.com/blogs/devops/building-end-to-end-aws-devsecops-ci-cd-pipeline-with-open-source-sca-sast-and-dast-tools) [COMMUNITY-TOOL]
- [infoq.com: 9 Trends That Are Influencing the Adoption of Devops and Devsecops in 2021](https://www.infoq.com/articles/devops-secure-trends) [COMMUNITY-TOOL]
- [invensislearning.com: Difference between DevOps and DevSecOps](https://www.invensislearning.com/blog/devops-vs-devsecops) [COMMUNITY-TOOL]
- [techerati.com: DevSecOps: Eight tips for truly securing software](https://www.techerati.com/features-hub/opinions/devsecops-eight-tips-for-truly-securing-software) [COMMUNITY-TOOL]
- [devops.com: SecDevOps is the Solution to Cybersecurity](https://devops.com/secdevops-is-the-solution-to-cybersecurity) [COMMUNITY-TOOL]
- [redeszone.net: No configurar bien la nube es culpable de la mayoría de vulnerabilidades](https://www.redeszone.net/noticias/seguridad/configurar-mal-nube-vulnerabilidades) [COMMUNITY-TOOL]
- [cybersecuritydive.com: Relationships between DevOps, security warm slowly](https://www.cybersecuritydive.com/news/developer-security-gitlab-devsecops/599599) [COMMUNITY-TOOL]
- [harness.io: Automated DevSecOps with StackHawk and Harness](https://www.harness.io/blog/automated-devsecops) [COMMUNITY-TOOL]
- [containerjournal.com: The What and Why of Cloud-Native Security](https://cloudnativenow.com/editorial-calendar/cloud-native-security/the-what-and-why-of-cloud-native-security) [COMMUNITY-TOOL]
- [sysdig.com: Top vulnerability assessment and management best practices](https://www.sysdig.com/blog/vulnerability-assessment) [COMMUNITY-TOOL]
- [thenewstack.io: Where Are You on the DevSecOps Maturity Curve?](https://thenewstack.io/where-are-you-on-the-devsecops-maturity-curve) [COMMUNITY-TOOL]
- [thenewstack.io: The Top 5 Secrets Management Mistakes and How to Avoid Them](https://thenewstack.io/the-top-5-secrets-management-mistakes-and-how-to-avoid-them) [COMMUNITY-TOOL]
- [arsouyes.org: PKCS, pem, der, key, crt,...](https://www.arsouyes.org/articles/2021/2021-06-21_PKCS_pem_der_key_crt) [COMMUNITY-TOOL]
- [torq.io: 5 Security Automation Examples for Non-Developers](https://torq.io/blog/5-security-automation-examples-for-non-developers) [COMMUNITY-TOOL]
- [infoq.com: Serverless Security: What's Left to Protect?](https://www.infoq.com/articles/serverless-security) [COMMUNITY-TOOL]
- [dqindia.com: Secure your CI/CD pipeline with these tips from experts](https://www.dqindia.com/secure-cicd-pipeline-tips-experts) [COMMUNITY-TOOL]
- [thenewstack.io: The DevSecOps Skillsets Required for Cloud Deployments](https://thenewstack.io/the-devsecops-skillsets-required-for-cloud-deployments) [COMMUNITY-TOOL]
- [devblogs.microsoft.com: You can't have security for DevOps until you have DevOps for security](https://devblogs.microsoft.com/engineering-at-microsoft/you-cant-have-security-for-devops-until-you-have-devops-for-security) [COMMUNITY-TOOL]
- [goteleport.com: Anatomy of a Cloud Infrastructure Attack via a Pull Request](https://goteleport.com/blog/hack-via-pull-request) [COMMUNITY-TOOL]
- [cncf/tag-security: CNCF Security Technical Advisory Group](https://github.com/cncf/tag-security) [COMMUNITY-TOOL]
- [enterprisersproject.com: 5 DevSecOps open source projects to know](https://enterprisersproject.com/article/2021/8/5-devsecops-open-source-projects-know) [COMMUNITY-TOOL]
- [Clair](https://github.com/quay/clair) [COMMUNITY-TOOL]
- [thenewstack.io: 10 Steps to Simplify Your DevSecOps](https://thenewstack.io/10-steps-to-simplify-your-devsecops) [COMMUNITY-TOOL]
- [redhat.com: 5 ways for teams to create an automation-first mentality](https://www.redhat.com/en/blog/automation-first-mentality) [COMMUNITY-TOOL]
- [devops.com: Transform Mobile DevOps into Mobile DevSecOps](https://devops.com/transform-mobile-devops-into-mobile-devsecops) [COMMUNITY-TOOL]
- [softwebsolutions.com: What is DevSecOps and why your business needs it](https://www.softwebsolutions.com/resources/devops-security-tools-benefits) [COMMUNITY-TOOL]
- [containerjournal.com: Siloscape: The Dark Side of Kubernetes](https://cloudnativenow.com/features/siloscape-the-dark-side-of-kubernetes) [COMMUNITY-TOOL]
- [thenewstack.io: Infrastructure-as-Code: 6 Best Practices for Securing Applications](https://thenewstack.io/infrastructure-as-code-6-best-practices-for-securing-applications) [COMMUNITY-TOOL]
- [devops.com: Securing Your Software Development Pipelines](https://devops.com/securing-your-software-development-pipelines) [COMMUNITY-TOOL]
- [thenewstack.io: How GitOps Benefits from Security-as-Code](https://thenewstack.io/how-gitops-benefits-from-security-as-code) [COMMUNITY-TOOL]
- [devops.com: Tips for a Successful DevSecOps Life Cycle](https://devops.com/tips-for-a-successful-devsecops-life-cycle) [COMMUNITY-TOOL]
- [blog.aquasec.com: Advanced Persistent Threat Techniques Used in Container Attacks](https://blog.aquasec.com/advanced-persistent-threat-techniques-container-attacks) [COMMUNITY-TOOL]
- [thenewstack.io: 5 Misconceptions About DevSecOps](https://thenewstack.io/5-misconceptions-about-devsecops) [COMMUNITY-TOOL]
- [thenewstack.io: Why Cloud Native Systems Demand a Zero Trust Approach](https://thenewstack.io/why-cloud-native-systems-demand-a-zero-trust-approach) [COMMUNITY-TOOL]
- [redhat.com: Getting DevSecOps to production and beyond](https://www.redhat.com/en/blog/devsecops-enterprise-architecture) [COMMUNITY-TOOL]
- [opensource.com: 5 open source security resources from 2021](https://opensource.com/article/21/12/open-source-security) [COMMUNITY-TOOL]
- [redhat.com: Red Hat's approach to DevSecOps](https://www.redhat.com/en/solutions/devsecops-approach) [COMMUNITY-TOOL]
- [thenewstack.io: Open Source Democratized Software. Now Let's Democratize Security](https://thenewstack.io/open-source-democratized-software-now-lets-democratize-security) [COMMUNITY-TOOL]
- [goteleport.com: Why DevSecOps is Going Passwordless](https://goteleport.com/blog/devsecops-passwordless) [COMMUNITY-TOOL]
- [thenewstack.io: Want Real Cybersecurity Progress? Redefine the Security Team](https://thenewstack.io/want-real-cybersecurity-progress-redefine-the-security-team) [COMMUNITY-TOOL]
- [devops.com: Taking a DevSecOps Approach to API Security](https://devops.com/why-traditional-approaches-to-api-security-dont-work) [COMMUNITY-TOOL]
- [devops.com: Continuous Security: The Next Evolution of CI/CD](https://devops.com/continuous-security-the-next-evolution-of-ci-cd) [COMMUNITY-TOOL]
- [devops.com: How to Seamlessly Transition to DevSecOps](https://devops.com/how-to-seamlessly-transition-to-devsecops) [COMMUNITY-TOOL]
- [research.nccgroup.com: 10 real-world stories of how we've compromised CI/CD pipelines](https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines) [COMMUNITY-TOOL]
- [thenewstack.io: SecOps in a Post-COVID World: 3 Security Trends to Watch](https://thenewstack.io/secops-in-a-post-covid-world-3-security-trends-to-watch) [COMMUNITY-TOOL]
- [sysdig.com: Triaging a Malicious Docker Container](https://www.sysdig.com/blog/triaging-malicious-docker-container) [COMMUNITY-TOOL]
- [blog.sonatype.com: Python Packages Upload Your AWS Keys, env vars, Secrets to the Web](https://www.sonatype.com/blog/python-packages-upload-your-aws-keys-env-vars-secrets-to-web) [COMMUNITY-TOOL]
- [bleepingcomputer.com: Over 900,000 Kubernetes instances found exposed online](https://www.bleepingcomputer.com/news/security/over-900-000-kubernetes-instances-found-exposed-online) [COMMUNITY-TOOL]
- [sysdig.com: How to apply security at the source using GitOps | Eduardo Mínguez](https://www.sysdig.com/blog/gitops-iac-security-source) [COMMUNITY-TOOL]
- [freecodecamp.org: Authentication vs Authorization - What's the Difference?](https://www.freecodecamp.org/news/whats-the-difference-between-authentication-and-authorisation) [COMMUNITY-TOOL]
- [containerjournal.com: Kubernetes Security in Your CI/CD Pipeline](https://cloudnativenow.com/features/kubernetes-security-in-your-ci-cd-pipeline) [COMMUNITY-TOOL]
- [acloudguru.com: Cloud security risks: Why you should make apps Secure by Design](https://www.pluralsight.com/resources/blog/cloud/cloud-apps-secure-by-design) [COMMUNITY-TOOL]
- [hmaslowski.com: macOS Security hardening with Microsoft Intune](https://hmaslowski.com/home/f/macos-security-hardening-with-microsoft-intune) [COMMUNITY-TOOL]
- [kubewarden.io: Scanning secrets in environment variables](https://www.kubewarden.io/blog/2022/10/env-var-secrets) [COMMUNITY-TOOL]
- [auth0.com: A Passwordless Future! Passkeys for Java Developers](https://auth0.com/blog/webauthn-and-passkeys-for-java-developers) [COMMUNITY-TOOL]
- [infracloud.io: How to Prevent Secret Leaks in Your Repositories](https://www.infracloud.io/blogs/prevent-secret-leaks-in-repositories) [COMMUNITY-TOOL]
- [thenewstack.io: Secured Access to Kubernetes from Anywhere with Zero Trust | Tenry Fu](https://thenewstack.io/secured-access-to-kubernetes-from-anywhere-with-zero-trust) [COMMUNITY-TOOL]
- [rtinsights.com: Implementing Zero Trust for Kubernetes](https://www.rtinsights.com/implementing-zero-trust-for-kubernetes) [COMMUNITY-TOOL]
- [cisecurity.org: Where Does Zero Trust Begin and Why is it Important?](https://www.cisecurity.org/insights/blog/where-does-zero-trust-begin-and-why-is-it-important) [COMMUNITY-TOOL]
- [thenewstack.io: How Do Authentication and Authorization Differ?](https://thenewstack.io/how-do-authentication-and-authorization-differ) [COMMUNITY-TOOL]
- [osohq.com: Patterns for Authorization in Microservices](https://www.osohq.com/post/microservices-authorization-patterns) [COMMUNITY-TOOL]
- [oauth2-proxy/oauth2-proxy: OAuth2 Proxy](https://github.com/oauth2-proxy/oauth2-proxy) [COMMUNITY-TOOL]
- [dev.to/fidalmathew: Session-Based vs. Token-Based Authentication: Which is better?](https://dev.to/fidalmathew/session-based-vs-token-based-authentication-which-is-better-227o) [COMMUNITY-TOOL]
- [dev.to/irakan: Is JWT really a good fit for authentication?](https://dev.to/irakan/is-jwt-really-a-good-fit-for-authentication-1khm) [COMMUNITY-TOOL]
- [github.com/hygieia/Hygieia](https://github.com/hygieia/Hygieia) [COMMUNITY-TOOL]
- [thenewstack.io: How Kubernetes vulnerabilities have shifted since the first attacks](https://thenewstack.io/how-kubernetes-vulnerabilities-have-shifted-since-the-first-api-attacks) [COMMUNITY-TOOL]
- [mirantis.com: Introduction to Istio Ingress: The easy way to manage incoming Kubernetes app traffic](https://www.mirantis.com/blog/introduction-to-istio-ingress-the-easy-way-to-manage-incoming-kubernetes-app-traffic) [COMMUNITY-TOOL]
- [armosec.io: How to secure Kubernetes Ingress?](https://www.armosec.io/blog/kubernetes-ingress-security) [COMMUNITY-TOOL]
- [thenewstack.io: StackRox KubeLinter Brings Security Linting to Kubernetes](https://thenewstack.io/stackrox-kubelinter-brings-security-linting-to-kubernetes) [COMMUNITY-TOOL]
- [github.com/yannh/kubeconform](https://github.com/yannh/kubeconform) [COMMUNITY-TOOL]
- [thenewstack.io: Security Insights into Infrastructure-as-Code](https://thenewstack.io/security-insights-into-infrastructure-as-code) [COMMUNITY-TOOL]
- [Why you should be using Multi-Category Security (MCS) for your Linux containers](https://www.redhat.com/en/blog/why-you-should-be-using-multi-category-security-your-linux-containers) [COMMUNITY-TOOL]
- [Using Podman and Containers to make a more secure pipeline](https://www.redhat.com/en/blog/using-container-technology-make-trusted-pipeline) [COMMUNITY-TOOL]
- [thenewstack.io: Project Calico: Kubernetes Security as SaaS](https://thenewstack.io/project-calico-kubernetes-security-as-saas) [COMMUNITY-TOOL]
- [Falco.org](https://falco.org) [COMMUNITY-TOOL]
- [sysdig.com: Getting started with runtime security and Falco](https://www.sysdig.com/blog/intro-runtime-security-falco) [COMMUNITY-TOOL]
- [Security Patterns for Microservice Architectures](https://developer.okta.com/blog/2020/03/23/microservice-security-patterns) [COMMUNITY-TOOL]
- [Anchore](https://anchore.com) [COMMUNITY-TOOL]
- [thenewstack.io: Anchore: Scan Your Container Images for Vulnerabilities from the Command Line](https://thenewstack.io/anchore-scan-your-container-images-for-vulnerabilities-from-the-command-line) [COMMUNITY-TOOL]
- [Twistlock](https://www.paloaltonetworks.com/prisma/cloud) [COMMUNITY-TOOL]
- [Threat Stack](https://www.f5.com/products/distributed-cloud-services) [COMMUNITY-TOOL]
- [cloud.google.com: OWASP Top 10 mitigation options on Google Cloud](https://docs.cloud.google.com/architecture/security/owasp-top-ten-mitigation#product_overviews) [COMMUNITY-TOOL]
- [thenewstack.io: Latest OWASP Top 10 Surfaces Web Development Security Bugs](https://thenewstack.io/the-latest-owasp-top-10-looks-a-lot-like-the-old-owasp) [COMMUNITY-TOOL]
- [thenewstack.io: OWASP Top 10: A Guide to the Worst Software Vulnerabilities](https://thenewstack.io/owasp-top-10-a-guide-to-the-worst-software-vulnerabilities) [COMMUNITY-TOOL]
- [owasp.org: OWASP API Security Project](https://owasp.org/www-project-api-security) [COMMUNITY-TOOL]
- [traceable.ai: Use the OWASP API Top 10 To Secure Your APIs](https://www.traceable.ai/blog-post/use-the-owasp-api-top-10-to-secure-your-apis) [COMMUNITY-TOOL]
- [cequence.ai: The OWASP API Security Top 10 From a Real-World Perspective](https://www.cequence.ai/blog/owasp-api-security-top-10-from-a-real-world-perspective) [COMMUNITY-TOOL]
- [github.com/OWASP: OWASP Kubernetes Top 10](https://github.com/OWASP/www-project-kubernetes-top-ten) [COMMUNITY-TOOL]
- [securecoding.com: Code Audit: How to Ensure Compliance for an Application](https://www.securecoding.com/blog/code-audit-how-to-ensure-compliance-for-an-application) [COMMUNITY-TOOL]
- [stackrox.com](https://www.redhat.com/en/technologies/cloud-computing/openshift/advanced-cluster-security-kubernetes) [COMMUNITY-TOOL]
- [redhat.com: Red Hat to Acquire Kubernetes-Native Security Leader StackRox](https://www.redhat.com/en/about/press-releases/red-hat-acquire-kubernetes-native-security-leader-stackrox) [COMMUNITY-TOOL]
- [trivy](https://github.com/aquasecurity/trivy) [COMMUNITY-TOOL]
- [blog.aquasec.com: A Security Review of Docker Official Images: Which Do You Trust? (with trivy)](https://blog.aquasec.com/docker-official-images) [COMMUNITY-TOOL]
- [returngis.net: Buscar vulnerabilidades en imágenes de Docker con Snyk](https://www.returngis.net/2021/09/buscar-vulnerabilidades-en-imagenes-de-docker-con-snyk) [COMMUNITY-TOOL]
- [iximiuz.com: The need for slimmer containers. Scanning official Python images with Snyk](https://iximiuz.com/en/posts/thick-container-vulnerabilities) [COMMUNITY-TOOL]
- [thenewstack.io: Find Vulnerabilities in Container Images with Docker Scan](https://thenewstack.io/find-vulnerabilities-in-container-images-with-docker-scan) [COMMUNITY-TOOL]
- [deepfence/YaraHunter](https://github.com/deepfence/YaraHunter) [COMMUNITY-TOOL]
- [Securing Kubernetes With Anchore](https://anchore.com/kubernetes) [COMMUNITY-TOOL]
- [Anchore: Secure Container Based CI/CD Workflows](https://anchore.com/cicd) [COMMUNITY-TOOL]
- [Jenkins Plugin: Anchore Container Image Scanner](https://plugins.jenkins.io/anchore-container-scanner) [COMMUNITY-TOOL]
- [Notary](https://github.com/notaryproject/notary) [COMMUNITY-TOOL]
- [Cosign: Container Signing](https://github.com/sigstore/cosign) [COMMUNITY-TOOL]
- [infracloud.io: Enforcing Image Trust on Docker Containers using Notary](https://www.infracloud.io/blogs/enforcing-image-trust-docker-containers-notary) [COMMUNITY-TOOL]
- [infracloud.io: How to Secure Containers with Cosign and Distroless Images](https://www.infracloud.io/blogs/secure-containers-cosign-distroless-images) [COMMUNITY-TOOL]
- [github.blog: Safeguard your containers with new container signing capability in GitHub Actions (cosign)](https://github.blog/security/supply-chain-security/safeguard-container-signing-capability-actions) [COMMUNITY-TOOL]
- [chrisns/cosign-keyless-demo: Cosign Keyless GitHub Action Demo](https://github.com/chrisns/cosign-keyless-demo) [COMMUNITY-TOOL]
- [blog.chainguard.dev: How To Verify Cosigned Container Images In Amazon ECS](https://www.chainguard.dev/unchained) [COMMUNITY-TOOL]
- [sysdig.com: How to secure Kubernetes deployment with signature verification](https://www.sysdig.com/blog/secure-kubernetes-deployment-signature-verification) [COMMUNITY-TOOL]
- [itnext.io: Securing Kubernetes Workloads: A Practical Approach to Signed and Encrypted Container Images](https://itnext.io/securing-kubernetes-workloads-a-practical-approach-to-signed-and-encrypted-container-images-ff6e98b65bcd) [COMMUNITY-TOOL]
- [GitHub security: what does it take to protect your company from credentials leaking on GitHub?](https://blog.gitguardian.com/github-security) [COMMUNITY-TOOL]
- [forbes.com: DevOps Drives Pentesting Delivered As A Service](https://www.forbes.com/sites/chenxiwang/2020/06/17/devops-drives-pentesting-delivered-as-a-service) [COMMUNITY-TOOL]
- [keycloak.org](https://www.keycloak.org) [COMMUNITY-TOOL]
- [Authorizing multi-language microservices with Louketo Proxy](https://developers.redhat.com/blog/2020/08/03/authorizing-multi-language-microservices-with-louketo-proxy) [COMMUNITY-TOOL]
- [developers.redhat.com: A deep dive into Keycloak](https://developers.redhat.com/blog/2020/08/07/a-deep-dive-into-keycloak) [COMMUNITY-TOOL]
- [blog.getambassador.io: Step-by-Step Centralized Authentication for Kubernetes with Keycloak and the Ambassador Edge Stack](https://blog.getambassador.io/centralized-authentication-with-keycloak-and-ambassador-edge-stack-d509ffbc7b6f) [COMMUNITY-TOOL]
- [blog.sighup.io: How to run Keycloak in HA on Kubernetes](https://blog.sighup.io/keycloak-ha-on-kubernetes) [COMMUNITY-TOOL]
- [developers.redhat.com: Authentication and authorization using the Keycloak REST API](https://developers.redhat.com/blog/authentication-and-authorization-using-the-keycloak-rest-api) [COMMUNITY-TOOL]
- [openshift.com: Geographically Distributed Stateful Workloads - Part 3: Keycloak](https://www.redhat.com/en/blog/geographically-distributed-stateful-workloads-part-3-keycloak) [COMMUNITY-TOOL]
- [blog.flant.com: Running fault-tolerant Keycloak with Infinispan in Kubernetes](https://palark.com/blog/ha-keycloak-infinispan-kubernetes) [COMMUNITY-TOOL]
- [dev.to: KeyCloak with Nginx Ingress](https://dev.to/aws-builders/keycloak-with-nginx-ingress-6fo) [COMMUNITY-TOOL]
- [Git Credential Manager Core](https://github.com/git-ecosystem/git-credential-manager) [COMMUNITY-TOOL]
- [Git Credential Manager Core: Building a universal authentication experience](https://github.blog/open-source/git/git-credential-manager-core-building-a-universal-authentication-experience) [COMMUNITY-TOOL]
- [blog.gitguardian.com: Secrets in source code (episode 2/3). Why secrets in git are such a problem](https://blog.gitguardian.com/secrets-credentials-api-git) [COMMUNITY-TOOL]
- [harness.io: Managing Secrets in CI/CD Pipelines](https://www.harness.io/blog) [COMMUNITY-TOOL]
- [smallstep.com: How to Handle Secrets on the Command Line](https://smallstep.com/blog/command-line-secrets) [COMMUNITY-TOOL]
- [cloud.google.com: Analyze secrets with Cloud Asset Inventory](https://docs.cloud.google.com/secret-manager/docs/analyze-resources) [COMMUNITY-TOOL]
- [sops: Simple and flexible tool for managing secrets](https://github.com/getsops/sops) [COMMUNITY-TOOL]
- [jenkins-x.io: Setting up the secrets for your installation](https://jayex.io/v3/admin/setup/secrets) [COMMUNITY-TOOL]
- [fpcomplete.com: Announcing Amber, encrypted secrets management](https://academy.fpblock.com/blog/announcing-amber-ci-secret-tool) [COMMUNITY-TOOL]
- [github.com/keilerkonzept/aws-secretsmanager-files](https://pkg.go.dev/github.com/keilerkonzept/aws-secretsmanager-files) [COMMUNITY-TOOL]
- [youtube: Which of your Kubernetes Apps are accessing Secrets?](https://www.youtube.com/watch?v=6UF-QxiRGms&ab_channel=Kubevious) [COMMUNITY-TOOL]
- [jenkins-x/gsm-controller](https://github.com/jenkins-x/gsm-controller) [COMMUNITY-TOOL]
- [GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp: Google Secret Manager Provider for Secret Store CSI Driver](https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp) [COMMUNITY-TOOL]
- [devops.com: DevOps Teams Struggling to Keep Secrets](https://devops.com/devops-teams-struggling-to-keep-secrets) [COMMUNITY-TOOL]
- [thorsten-hans.com: Encrypt your Kubernetes Secrets with Mozilla SOPS](https://www.thorsten-hans.com/encrypt-your-kubernetes-secrets-with-mozilla-sops) [COMMUNITY-TOOL]
- [developers.redhat.com: Protect secrets in Git with the clean/smudge filter](https://developers.redhat.com/articles/2022/02/02/protect-secrets-git-cleansmudge-filter) [COMMUNITY-TOOL]
- [kubeopsskills/cloud-secret-resolvers: Cloud Secret Resolvers (CSR)](https://github.com/kubeopsskills/cloud-secret-resolvers) [COMMUNITY-TOOL]
- [thenewstack.io: Managing Secrets in Your DevOps Pipeline](https://thenewstack.io/managing-secrets-in-your-devops-pipeline) [COMMUNITY-TOOL]
- [thenewstack.io: Kubernetes Secrets Management: 3 Approaches, 9 Best Practices](https://thenewstack.io/kubernetes-secrets-management-3-approaches-9-best-practices) [COMMUNITY-TOOL]
- [commjoen/wrongsecrets: OWASP WrongSecrets](https://github.com/commjoen/wrongsecrets) [COMMUNITY-TOOL]
- [aws/secrets-store-csi-driver-provider-aws: AWS Secrets Manager and Config Provider for Secret Store CSI Driver](https://github.com/aws/secrets-store-csi-driver-provider-aws) [COMMUNITY-TOOL]
- [unixarena.com: Terraform - Source credentials from AWS secret Manager](https://unixarena.com/2022/04/terraform-source-credentials-from-aws-secret-manager.html) [COMMUNITY-TOOL]
- [pyca/bcrypt](https://github.com/pyca/bcrypt) [COMMUNITY-TOOL]
- [argon2-cffi](https://argon2-cffi.readthedocs.io/en/stable) [COMMUNITY-TOOL]
- [docs.python.org: scrypt (standard library)](https://docs.python.org/3/library/hashlib.html#hashlib.scrypt) [COMMUNITY-TOOL]
- [cryptography.io: scrypt (cryptography)](https://cryptography.io/en/latest/hazmat/primitives/key-derivation-functions/#cryptography.hazmat.primitives.kdf.scrypt.Scrypt) [COMMUNITY-TOOL]
- [git-secret.io](https://git-secret.io) [COMMUNITY-TOOL]
- [git-cipher](https://github.com/wincent/git-cipher) [COMMUNITY-TOOL]
- [hashicorp/vault](https://github.com/hashicorp/vault) [COMMUNITY-TOOL]
- [hashicorp/vault-csi-provider: HashiCorp Vault Provider for Secrets Store CSI Driver](https://github.com/hashicorp/vault-csi-provider) [COMMUNITY-TOOL]
- [vaultproject.io](https://developer.hashicorp.com/vault) [COMMUNITY-TOOL]
- [github.com/kelseyhightower: Serverless Vault with Cloud Run](https://github.com/kelseyhightower/serverless-vault-with-cloud-run) [COMMUNITY-TOOL]
- [confluent.io: How to Manage Secrets for Confluent with Kubernetes and HashiCorp Vault](https://www.confluent.io/blog/manage-secrets-with-kubernetes-and-hashicorp-vault) [COMMUNITY-TOOL]
- [digitalvarys.com: Simple Introduction to HashiCorp Vault](https://digitalvarys.com/simple-introduction-to-hashicorp-vault) [COMMUNITY-TOOL]
- [thenewstack.io: HashiCorp Releases HCP Vault to Combat 'Secrets Management' Fatigue](https://thenewstack.io/hashicorps-releases-hcp-vault-to-combat-secrets-management-fatigue) [COMMUNITY-TOOL]
- [datadoghq.com: Monitor HashiCorp Vault metrics and logs](https://www.datadoghq.com/blog/monitor-vault-metrics-and-logs) [COMMUNITY-TOOL]
- [thenewstack.io: Reasons to Implement HashiCorp Vault and Other Zero Trust Tools](https://thenewstack.io/reasons-to-implement-hashicorp-vault-and-other-zero-trust-tools) [COMMUNITY-TOOL]
- [testdriven.io: Running Vault and Consul on Kubernetes](https://testdriven.io/blog/running-vault-and-consul-on-kubernetes) [COMMUNITY-TOOL]
- [devopscube.com: How to Setup Vault in Kubernetes- Beginners Tutorial](https://devopscube.com/vault-in-kubernetes) [COMMUNITY-TOOL]
- [devopscube.com: Vault Agent Injector Tutorial: Inject Secrets to Pods Using Vault Agent](https://devopscube.com/vault-agent-injector-tutorial) [COMMUNITY-TOOL]
- [piotrminkowski.com: Vault on Kubernetes with Spring Cloud](https://piotrminkowski.com/2021/12/30/vault-on-kubernetes-with-spring-cloud) [COMMUNITY-TOOL]
- [alexandre-vazquez.com: How To Inject Secrets in Pods To Improve Security with Hashicorp Vault in 5 Minutes](https://alexandre-vazquez.com/inject-secrets-in-pods-using-hashicorp-vault) [COMMUNITY-TOOL]
- [harness.io: Tutorial: How to Use the New Vault Agent Integration Method With Harness](https://www.harness.io/blog/vault-agent-secrets-management) [COMMUNITY-TOOL]
- [docs.microsoft.com: Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/overview) [COMMUNITY-TOOL]
- [azure.github.io: Azure Key Vault Provider for Secrets Store CSI Driver](https://azure.github.io/secrets-store-csi-driver-provider-azure) [COMMUNITY-TOOL]
- [akv2k8s.io: Azure Key Vault to Kubernetes akv2k8s](https://akv2k8s.io) [COMMUNITY-TOOL]
- [Azure Key Vault to Kubernetes](https://github.com/SparebankenVest/azure-key-vault-to-kubernetes) [COMMUNITY-TOOL]
- [Neoteroi/essentials-configuration-keyvault](https://github.com/Neoteroi/essentials-configuration-keyvault) [COMMUNITY-TOOL]
- [techcommunity.microsoft.com: In preview: Azure Key Vault secrets provider extension for Arc enabled Kubernetes clusters](https://techcommunity.microsoft.com/blog/azurearcblog/in-preview-azure-key-vault-secrets-provider-extension-for-arc-enabled-kubernetes/3002160) [COMMUNITY-TOOL]
- [vcloud-lab.com: Create Azure Key Vault Certificates on Azure Portal and Powershell](http://vcloud-lab.com/entries/microsoft-azure/-create-azure-key-vault-certificates-on-azure-portal-and-powershell) [COMMUNITY-TOOL]
- [ansible.com: Simplifying secrets management with CyberArk and Red Hat Ansible Automation Platform](https://www.redhat.com/en/blog/simplifying-secrets-management-with-cyberark-and-red-hat-ansible-automation-platform?sc_cid=7015Y000003t7aWQAQ) [COMMUNITY-TOOL]
- [ansible.com: Automating Security with CyberArk and Red Hat Ansible Automation Platform](https://www.redhat.com/en/blog/automating-security-with-cyberark-and-red-hat-ansible-automation-platform?sc_cid=7015Y000003t7aWQAQ) [COMMUNITY-TOOL]
- [conjur.org](https://www.conjur.org) [COMMUNITY-TOOL]
- [infracloud.io: Securing Kubernetes Secrets with Conjur](https://www.infracloud.io/blogs/securing-kubernetes-secrets-conjur) [COMMUNITY-TOOL]
- [dev.to: Manage your secrets in Git with SOPS for Kubernetes](https://dev.to/stack-labs/manage-your-secrets-in-git-with-sops-for-kubernetes-57me) [COMMUNITY-TOOL]
- [GitOps secret management with bitnami-labs Sealed Secret and GoDaddy Kubernetes External Secrets](https://www.redhat.com/en/blog/gitops-secret-management) [COMMUNITY-TOOL]
- [aws.amazon.com: Managing secrets deployment in Kubernetes using Sealed Secrets](https://aws.amazon.com/blogs/opensource/managing-secrets-deployment-in-kubernetes-using-sealed-secrets) [COMMUNITY-TOOL]
- [blog.container-solutions.com: The Birth of the External Secrets Community](https://blog.container-solutions.com/the-birth-of-the-external-secrets-community) [COMMUNITY-TOOL]
- [itnext.io: Secrets injection at runtime from external Vault into Kubernetes - POC](https://itnext.io/secrets-injection-from-external-vault-into-kubernetes-poc-83a52c8cf5cb) [COMMUNITY-TOOL]
- [jx-secret-postrenderer](https://github.com/jenkins-x-plugins/jx-secret-postrenderer) [COMMUNITY-TOOL]
- [thenewstack.io: Managing Kubernetes Secrets with AWS Secrets Manager](https://thenewstack.io/managing-kubernetes-secrets-with-aws-secrets-manager) [COMMUNITY-TOOL]
- [K8s Vault Webhook](https://ot-container-kit.github.io/k8s-vault-webhook) [COMMUNITY-TOOL]
- [thenewstack.io: Walkthrough: Bitwarden's New Secrets Manager](https://thenewstack.io/walkthrough-bitwardens-new-secrets-manager) [COMMUNITY-TOOL]
- [morey.tech: Bitwarden and External Secrets](https://morey.tech/technical%20blog/Bitwarden-And-External-Secrets) [COMMUNITY-TOOL]
- [10 Serverless security best practices](https://snyk.io/blog/10-serverless-security-best-practices) [COMMUNITY-TOOL]
- [thehackernews.com: Docker Images Containing Cryptojacking Malware Distributed via Docker Hub](https://thehackernews.com/2020/06/cryptocurrency-docker-image.html) [COMMUNITY-TOOL]
- [sysdig.com: 12 Container image scanning best practices to adopt in production](https://www.sysdig.com/learn-cloud-native/12-container-image-scanning-best-practices) [COMMUNITY-TOOL]
- [infracloud.io: The Ten Commandments of Container Security](https://www.infracloud.io/blogs/top-10-things-for-container-security) [COMMUNITY-TOOL]
- [sysdig.com: Sysdig 2021 container security and usage report: Shifting left is not enough](https://www.sysdig.com/blog/sysdig-2021-container-security-usage-report) [COMMUNITY-TOOL]
- [itnext.io: Hardening Docker and Kubernetes with seccomp](https://itnext.io/hardening-docker-and-kubernetes-with-seccomp-a88b1b4e2111) [COMMUNITY-TOOL]
- [redhat.com: Improving Linux container security with seccomp](https://www.redhat.com/en/blog/container-security-seccomp) [COMMUNITY-TOOL]
- [openshift.com: Signing and Verifying Container Images](https://www.redhat.com/en/blog/signing-and-verifying-container-images) [COMMUNITY-TOOL]
- [redhat.com: Introducing Red Hat Vulnerability Scanner Certification](https://www.redhat.com/en/blog/introducing-red-hat-vulnerability-scanner-certification) [COMMUNITY-TOOL]
- [docs.microsoft.com: Introduction to Azure Defender for container registries](https://learn.microsoft.com/en-us/azure/defender-for-cloud/defender-for-container-registries-introduction#when-are-images-scanned) [COMMUNITY-TOOL]
- [techbeacon.com: 17 open-source container security tools](https://techbeacon.com/security/17-open-source-container-security-tools) [COMMUNITY-TOOL]
- [GoogleContainerTools/container-structure-test](https://github.com/GoogleContainerTools/container-structure-test) [COMMUNITY-TOOL]
- [dynatrace.com: Container security: What it is, why it's tricky, and how to do it right](https://www.dynatrace.com/news/blog/what-is-container-security) [COMMUNITY-TOOL]
- [sigstore.dev](https://www.sigstore.dev) [COMMUNITY-TOOL]
- [youtube: Hands-on Introduction to sigstore | Rawkode Live](https://www.youtube.com/watch?v=fZfd4orrn8Y&ab_channel=RawkodeAcademy) [COMMUNITY-TOOL]
- [opensource.com: Sign and verify container images with this open source tool (sigstore)](https://opensource.com/article/21/12/sigstore-container-images) [COMMUNITY-TOOL]
- [sysdig.com: Container security best practices: Ultimate guide](https://www.sysdig.com/learn-cloud-native/container-security-best-practices) [COMMUNITY-TOOL]
- [infracloud.io: Kubernetes Pod Security Policies with Open Policy Agent](https://www.infracloud.io/blogs/kubernetes-pod-security-policies-opa) [COMMUNITY-TOOL]
- [blog.nody.cc: Verify your Kubernetes Cluster Network Policies: From Faith to Proof](https://blog.nody.cc/posts/2020-06-kubernetes-network-policy-verification) [COMMUNITY-TOOL]
- [DevSecOps - Static Analysis SAST with Jenkins Pipeline](https://digitalvarys.com/devsecops-static-analysis-sast-with-jenkins-pipeline) [COMMUNITY-TOOL]
- [europeclouds.com: Implementing Aqua Security to Secure Kubernetes](https://www.europeclouds.com/blog/implementing-aqua-security-to-secure-kubernetes) [COMMUNITY-TOOL]
- [Pomerium](https://github.com/pomerium/pomerium) [COMMUNITY-TOOL]
- [fluentbit.io](https://fluentbit.io) [COMMUNITY-TOOL]
- [falco.org: Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit - Part 2](https://falco.org/blog/detect-malicious-behaviour-on-kubernetes-api-server-through-gathering-audit-logs-by-using-fluentbit-part-2) [COMMUNITY-TOOL]
- [kubearmor.io](https://kubearmor.io) [COMMUNITY-TOOL]
- [itnext.io: Protecting Your Kubernetes Environment With KubeArmor](https://itnext.io/protecting-your-kubernetes-environment-with-kubearmor-76b02fc2209b) [COMMUNITY-TOOL]
- [itnext.io: Helm 3 - Secrets management, an alternative approach](https://itnext.io/helm-3-secrets-management-4f23041f05c3) [COMMUNITY-TOOL]
- [itnext.io: Manage Auto-generated Secrets In Your Helm Charts](https://itnext.io/manage-auto-generated-secrets-in-your-helm-charts-5aee48ba6918) [COMMUNITY-TOOL]
- [hashcat](https://hashcat.net/hashcat) [COMMUNITY-TOOL]
- [intezer.com: New Attacks on Kubernetes via Misconfigured Argo Workflows](https://intezer.com/blog/new-attacks-on-kubernetes-via-misconfigured-argo-workflows) [COMMUNITY-TOOL]
- [devops.com: How to Automate PKI for DevOps With Open Source Tools](https://devops.com/how-to-automate-pki-for-devops-with-open-source-tools) [COMMUNITY-TOOL]
- [cybersecsi/HOUDINI: Hundreds of Offensive and Useful Docker Images for Network Intrusion](https://github.com/cybersecsi/HOUDINI) [COMMUNITY-TOOL]
- [itnext.io: Top 6 Threat Detection Tools for Containers](https://itnext.io/top-6-threat-detection-tools-for-containers-3dd80b77777e) [COMMUNITY-TOOL]
- [thenewstack.io: AWS Open Sources Security Tools](https://thenewstack.io/aws-open-sources-security-tools) [COMMUNITY-TOOL]
- [sentinelone.com: Reducing Human Effort in Cybersecurity | Why We Are Investing in Torq's Automation Platform](https://www.sentinelone.com/blog/reducing-human-effort-in-cybersecurity-why-we-are-investing-in-torqs-automation-platform) [COMMUNITY-TOOL]
- [pkg.go.dev/knative.dev/security-guard](https://pkg.go.dev/knative.dev/security-guard) [COMMUNITY-TOOL]
- [developer.ibm.com: Secure microservices by monitoring behavior](https://developer.ibm.com/technologies/containers) [COMMUNITY-TOOL]
- [Microservices Security in Action](https://medium.facilelogin.com/microservices-security-in-action-933072043ad7) [COMMUNITY-TOOL]
- [sysdig.com: Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman](https://www.sysdig.com/blog/cve-2021-20291-cri-o-podman) [COMMUNITY-TOOL]
- [sysdig.com: Mitigating log4j with Runtime-based Kubernetes Network Policies](https://www.sysdig.com/blog/mitigating-log4j-kubernetes-network-policies) [COMMUNITY-TOOL]
- [github.com/aws-samples: Apache Log4j2 CVE-2021-44228 node agent](https://github.com/aws-samples/kubernetes-log4j-cve-2021-44228-node-agent) [COMMUNITY-TOOL]
- [proferosec/log4jScanner](https://github.com/proferosec/log4jScanner) [COMMUNITY-TOOL]
- [Apache Log4j Security Vulnerabilities](https://logging.apache.org/security.html) [COMMUNITY-TOOL]
- [cloud.redhat.com: Log4Shell: Practical Mitigations and Impact Analysis of the Log4j Vulnerabilities](https://www.redhat.com/en/blog/log4shell-practical-mitigations-and-impact-analysis) [COMMUNITY-TOOL]
- [edition.cnn.com: The Log4j security flaw could impact the entire internet. Here's what you should know](https://edition.cnn.com/2021/12/15/tech/log4j-vulnerability/index.html) [COMMUNITY-TOOL]
- [yahoo/check-log4j](https://github.com/yahoo/check-log4j) [COMMUNITY-TOOL]
- [welivesecurity.com: What every business leader should know about Log4Shell](https://www.welivesecurity.com/la-es/2021/12/16/que-deben-saber-lideres-empresas-sobre-log4shell) [COMMUNITY-TOOL]
- [genbeta.com: "The Internet is on fire": Cloudflare has detected more than 24,600 attacks per minute exploiting the Log4Shell vulnerability](https://www.genbeta.com/actualidad/internet-esta-llamas-cloudflare-ha-detectado-24-600-ataques-minuto-que-explotaban-vulnerabilidad-log4shell) [COMMUNITY-TOOL]
- [dynatrace.com: Log4Shell vulnerability](https://www.dynatrace.com/news/tag/log4shell) [COMMUNITY-TOOL]
- [Maelstromage/Log4jSherlock](https://github.com/Maelstromage/Log4jSherlock) [COMMUNITY-TOOL]
- [cyberscoop.com: The Log4j flaw is the latest reminder that quick security fixes are easier said than done](https://cyberscoop.com/log4j-hack-security-update-ransomware) [COMMUNITY-TOOL]
- [vpnranks.com: Belgian Defense Ministry Under Cyber Attack Due to Log4j Vulnerability](https://www.vpnranks.com/news/belgian-defense-ministry-under-cyber-attack-due-to-log4j-vulnerability) [COMMUNITY-TOOL]
- [dynatrace.com: Log4Shell vulnerability discovery and mitigation require automatic and intelligent observability](https://www.dynatrace.com/news/blog/log4shell-vulnerability-discovery-and-mitigation) [COMMUNITY-TOOL]
- [thenewstack.io: Yet Another Log4j Security Problem Appears](https://thenewstack.io/yet-another-log4j-security-problem-appears) [COMMUNITY-TOOL]
- [cisagov/log4j-scanner](https://github.com/cisagov/log4j-scanner) [COMMUNITY-TOOL]
- [google/log4jscanner](https://github.com/google/log4jscanner) [COMMUNITY-TOOL]
- [thehackernews.com: Microsoft Warns of Continued Attacks Exploiting Apache Log4j Vulnerabilities](https://thehackernews.com/2022/01/microsoft-warns-of-continued-attacks.html) [COMMUNITY-TOOL]
- [zdnet.com: Log4j: Google and IBM call for list of critical open source projects](https://www.zdnet.com/article/log4j-after-white-house-meeting-google-calls-for-list-of-critical-open-source-projects) [COMMUNITY-TOOL]
- [it.slashdot.org: And the Top Source of Critical Security Threats Is...PowerShell](https://it.slashdot.org/story/21/05/22/041242/and-the-top-source-of-critical-security-threats-ispowershell) [COMMUNITY-TOOL]
- [therecord.media: UK government plans to release Nmap scripts for finding vulnerabilities](https://therecord.media/uk-government-plans-to-release-nmap-scripts-for-finding-vulnerabilities) [COMMUNITY-TOOL]
- [thenewstack.io: WAF: Securing Applications at the Edge](https://thenewstack.io/waf-securing-applications-at-the-edge) [COMMUNITY-TOOL]
- [zdnet.com: Google releases new open-source security software program: Scorecards](https://www.zdnet.com/article/google-releases-new-open-source-security-software-program-scorecards) [COMMUNITY-TOOL]
- [tryhackme.com: Metasploit: Introduction](https://tryhackme.com/room/metasploitintro) [COMMUNITY-TOOL]
- [socket.dev: Introducing Socket](https://socket.dev/blog/introducing-socket) [COMMUNITY-TOOL]
- [deepfence/ThreatMapper](https://github.com/deepfence/ThreatMapper) [COMMUNITY-TOOL]
- [github.com/goauthentik/authentik](https://github.com/goauthentik/authentik) [COMMUNITY-TOOL]
- [github.com/openappsec/openappsec](https://github.com/openappsec/openappsec) [COMMUNITY-TOOL]
- [Microsoft Security Copilot](https://www.microsoft.com/en-us/security/business/ai-machine-learning/microsoft-security-copilot) [COMMUNITY-TOOL]
- [github.com/prowler-cloud/prowler](https://github.com/prowler-cloud/prowler) [COMMUNITY-TOOL]